Chapter 12
Improving System Security

by Steve Burnett

In this chapter

Handling Physical Security

Dealing with Password Security

Developing Login Security

Handling File Security>

Avoiding Social Engineering Threats

Recording Use of the su Command

Developing a Secure System

PAM: The Pluggable Authentication Modules Architecture

Shadow Passwords: What Good Are They?

Unless your system is locked in a closet, you’re the only one with a key, and you keep the key on a chain around your neck at all times, you should be concerned about system security. This really isn’t a joke. If there are multiple users, if the system is connected to the outside world by modems or a network, or if there are times when the system isn’t attended, there’s the real risk that someone may gain unauthorized access to it.

Sometimes, unauthorized access is benign—but it can still be unnerving. If someone takes the time to gain access to your system, that person probably has the skill to copy information you want to keep confidential, make unauthorized use of your system’s resources, and modify or delete information.

In most organizations, the systems administrator has the responsibility for system security. You don’t have to be paranoid about it, but you should be aware of the risks and be able to take steps to keep your system secure. Be assertive and professional when addressing security issues.

This chapter discusses ideas and policies for increasing computer security, as well as actual techniques that you can use to make your system more secure. Some of these ideas are of little use to the home computer user and tend to apply to larger installations. Other points in this chapter are very applicable to home users.

---

NOTE:  Over the past several years, the mass media has changed the meaning of the word hacker from “a computer enthusiast” to “someone who breaks into computers.” In the computer community, the commonly accepted term for someone who breaks into computers is cracker. This is the term used throughout this chapter.

---

Handling Physical Security

With all the mass media hype about viruses, computer break-ins, and diabolical computer crackers with their modems and network connections, too little attention is paid to the physical security of computer systems. Computer equipment is fairly sensitive to various environmental conditions.

Fire and smoke can obviously mean a quick end for your computing equipment. If you have any sort of business computer installation, you should consider installing smoke detectors, automatic fire extinguishers, and a fire alarm system.

In addition to fire and smoke, dust can wreak havoc with computer equipment. Dust is abrasive and can shorten the life of magnetic media and tape and optical drives. Dust can collect in ventilation systems and block the airflow, letting computers overheat. Also, dust can be electrically conductive and can cause circuit boards to short out and fail.

Electricity poses a special threat to computer equipment. Computers are very sensitive to surges in electrical current. All computer equipment should be connected to surge suppression equipment to reduce the chances of damage. This includes modems connected to telephone lines. Many areas suffer from “dirty power” that fluctuates in current and voltage.

---

NOTE:  Although surge suppressors can help protect against spikes in the electrical current, they’re virtually worthless against any kind of lightning strike. If lightning hits an incoming line to your house or business, simple surge suppressors are unlikely to save your equipment. In the case of a severe thunderstorm, it’s best to unplug your surge suppressor and wait it out.

---

Computers are also common targets for theft. Many computer components are small and expensive. As a result, they’re easily stolen and sold. You should evaluate how secure your computers are and try to protect them against theft as you would any valuable possession.

Another aspect of physical computer security is preventing access by unauthorized persons. If someone can walk into your computer room, sit down at a console, and start working unchallenged, you have a problem. By controlling access to your computers, you make it more difficult for someone to steal or damage data or equipment. Establish access policies for your computing facilities and educate your users as to these policies.

The following are some steps you can take to improve the physical security at your installation:

•  Don’t leave a system, tape drives, disk drives, terminals, or workstations unattended for a prolonged period of time. It’s a good idea to have some restrictions regarding access to the rooms that house your primary system and associated tape and disk drives. A lock on the door goes a long way in providing security. An unauthorized person can remove backup media—disks or tapes—from an unlocked area.

•  Don’t leave the system console or other terminal device logged in as root and unattended. If users know the system, they can easily give themselves root privileges, modify important software, or remove information from the system.

•  Educate system users about physical security risks. Encourage them to report any unauthorized activity they may witness. Feel free to courteously challenge someone you don’t recognize who is using the system.

•  If possible, don’t keep sensitive information on systems that have modem or network connections.

•  Keep backups in a secure area and limit access to that area.